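/*****************************************************************************************
 Infosistema - OpenBaas
 Copyright(C) 2002-2014 Infosistema, S.A.
 This program is free software: you can redistribute it and/or modify it under the terms of
 the GNU Affero General Public License as published by the Free Software Foundation, either
 version 3 of the License, or (at your option) any later version.
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the GNU Affero General Public License for more details.
 You should have received a copy of the GNU Affero General Public License along with this
 program. If not, see <http://www.gnu.org/licenses/>.
 www.infosistema.com
 info@openbaas.com
 Av. José Gomes Ferreira, 11 3rd floor, s.34 Miraflores 1495-139 Algés Portugal
 *****************************************************************************************/
package infosistema.openbaas.rest;

import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.PathSegment;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriInfo;

import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;

import infosistema.openbaas.middleLayer.AclMiddleLayer;
import infosistema.openbaas.middleLayer.AppsMiddleLayer;
import infosistema.openbaas.middleLayer.SessionMiddleLayer;
import infosistema.openbaas.utils.Const;
import infosistema.openbaas.utils.Log;

/**
 * JAX-RS sub-resource that reads and writes the ACL permission string attached to a
 * resource path.
 *
 * <p>Both operations identify the caller through the session-token cookie
 * ({@code Const.SESSION_TOKEN}); the resolved user id and the path are handed to
 * {@link AclMiddleLayer}. Whether that user is actually allowed to read or change the
 * ACL of the path is not checked here — it is assumed to be the middle layer's job
 * (NOTE(review): confirm against {@code AclMiddleLayer.writePermissions}).
 */
public class AclResource {

    /** Path segments of the resource whose ACL is being read or written. */
    final List<PathSegment> path;
    final AclMiddleLayer aclMid;
    final AppsMiddleLayer appsMid;

    private static final String ERROR_TOKEN = "Incorrect session Token";
    private static final String SUCCESS_ACL = "Permissions set";
    private static final String ERROR_PERMISSIONS = "Error with the permissions";

    // A permission string has one character per CRUD operation, in the order
    // create, read, update, delete. Each character is one of:
    //   'o' = permitted
    //   'x' = denied
    //   '-' = inherit: check the parent for this permission
    // e.g. "xxxx" denies all four, "oooo" allows all four.
    private static final int PERMISSIONS_LENGTH = 4;

    /**
     * Creates the sub-resource for the given path.
     *
     * @param path path segments of the resource whose ACL this instance manages
     */
    public AclResource(List<PathSegment> path) {
        this.path = path;
        this.aclMid = AclMiddleLayer.getInstance();
        this.appsMid = AppsMiddleLayer.getInstance();
    }

    // *** CREATE *** //

    // *** UPDATE *** //

    // *** DELETE *** //

    // *** GET LIST *** //

    // *** GET *** //

    /**
     * Resolves the caller's user id from the session-token cookie.
     *
     * @param hh request headers carrying the cookies
     * @return the user id the session layer maps the token to, or {@code null} when the
     *     request carries no cookies or no session-token cookie (the session layer's own
     *     return value is passed through unchanged, so it may be {@code null} as well)
     */
    public String getUserIdFromSessionToken(HttpHeaders hh) {
        Map<String, Cookie> cookies = hh.getCookies();
        if (cookies == null) {
            return null;
        }
        Cookie sessionToken = cookies.get(Const.SESSION_TOKEN);
        if (sessionToken == null) {
            return null;
        }
        return SessionMiddleLayer.getInstance()
                .getUserIdUsingSessionToken(sessionToken.getValue());
    }

    /**
     * Returns the permission string stored for {@code path} as {@code {"permissions": ...}}.
     *
     * @param hh request headers; the session-token cookie identifies the caller
     * @return 200 with the JSON body, or 400 with {@code ERROR_TOKEN} when no user could be
     *     resolved from the session token (kept as 400 for compatibility with existing
     *     clients; a missing/invalid credential would conventionally be 401)
     */
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    public Response getPermissions(@Context HttpHeaders hh) {
        String userId = getUserIdFromSessionToken(hh);
        if (userId == null) {
            return Response.status(Status.BAD_REQUEST).entity(ERROR_TOKEN).build();
        }
        // Hand the path to the middle layer, which looks the permissions up in the ACL tree.
        String permissions = aclMid.getPermissions(path, userId);
        JSONObject json = new JSONObject();
        try {
            json.put("permissions", permissions);
        } catch (JSONException e) {
            // Best effort: log and still answer 200 with whatever was put into the object.
            Log.error("", this, "getPermissions", "Error parsing the JSON.", e);
        }
        return Response.status(Status.OK).entity(json).build();
    }

    /**
     * Stores a new permission string for {@code path}.
     *
     * <p>Bug fixed here: the previous implementation built the 200 {@code SUCCESS_ACL}
     * response unconditionally after validation, so a malformed permission string was
     * rejected internally but still reported as "Permissions set" to the client. Now only
     * a validated string reaches the middle layer and only that case answers 200.
     *
     * @param inputJson request body; must contain a string field {@code "permissions"}
     * @param req servlet request (unused, kept for the JAX-RS signature)
     * @param ui URI info (unused, kept for the JAX-RS signature)
     * @param hh request headers; the session-token cookie identifies the caller
     * @return 200 with {@code SUCCESS_ACL} on success; 400 with {@code ERROR_TOKEN} when no
     *     user could be resolved; 400 with {@code ERROR_PERMISSIONS} when the body is
     *     missing, has no {@code "permissions"} string, or the string is not exactly four
     *     characters from {@code o x -}
     */
    @PUT
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    public Response setPermissions(JSONObject inputJson, @Context HttpServletRequest req,
            @Context UriInfo ui, @Context HttpHeaders hh) {
        String userId = getUserIdFromSessionToken(hh);
        if (userId == null) {
            return Response.status(Status.BAD_REQUEST).entity(ERROR_TOKEN).build();
        }

        String permissions = null;
        if (inputJson != null) {
            try {
                permissions = inputJson.getString("permissions");
            } catch (JSONException e) {
                // Missing or non-string field: fall through to the validation below.
                Log.error("", this, "setPermissions", "Error parsing the JSON.", e);
            }
        }

        // Reject anything that is not a well-formed CRUD permission string before it can
        // reach the ACL store.
        if (!isValidPermissions(permissions)) {
            return Response.status(Status.BAD_REQUEST).entity(ERROR_PERMISSIONS).build();
        }

        aclMid.writePermissions(path, permissions, userId);
        return Response.status(Status.OK).entity(SUCCESS_ACL).build();
    }

    /**
     * Checks that {@code permissions} is exactly {@code PERMISSIONS_LENGTH} characters long
     * and that every character is one of {@code 'o'}, {@code 'x'} or {@code '-'}.
     *
     * @param permissions candidate permission string, may be {@code null}
     * @return {@code true} only for a well-formed permission string
     */
    private static boolean isValidPermissions(String permissions) {
        if (permissions == null || permissions.length() != PERMISSIONS_LENGTH) {
            return false;
        }
        for (int i = 0; i < permissions.length(); i++) {
            char at = permissions.charAt(i);
            if (at != 'o' && at != 'x' && at != '-') {
                return false;
            }
        }
        return true;
    }

    // *** OTHERS *** //

    // *** RESOURCES *** //

}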